diff options
| author | Yan <yanzheng@21cn.com> | 2008-01-22 12:46:56 -0500 |
|---|---|---|
| committer | Chris Mason <chris.mason@oracle.com> | 2008-09-25 11:03:59 -0400 |
| commit | b17854275cd297d40c6c5562fa44a472314c6c7f (patch) | |
| tree | a8056de7cbc45dd927cf1220ff2dfc8f4e15dd17 | |
| parent | e18e4809b10e6c9efb5fe10c1ddcb4ebb690d517 (diff) | |
Fix for btrfs_find_free_objectid
btrfs_find_free_objectid may return a used objectid due to arithmetic
underflow. This bug may happen when parameter 'root' is tree root, so
it may cause serious problems when creating snapshot or sub-volume.
Signed-off-by: Chris Mason <chris.mason@oracle.com>
| -rw-r--r-- | fs/btrfs/inode-map.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/fs/btrfs/inode-map.c b/fs/btrfs/inode-map.c index ab74977adf5c..a0925eabdaa2 100644 --- a/fs/btrfs/inode-map.c +++ b/fs/btrfs/inode-map.c | |||
| @@ -62,7 +62,6 @@ int btrfs_find_free_objectid(struct btrfs_trans_handle *trans, | |||
| 62 | struct btrfs_path *path; | 62 | struct btrfs_path *path; |
| 63 | struct btrfs_key key; | 63 | struct btrfs_key key; |
| 64 | int ret; | 64 | int ret; |
| 65 | u64 hole_size = 0; | ||
| 66 | int slot = 0; | 65 | int slot = 0; |
| 67 | u64 last_ino = 0; | 66 | u64 last_ino = 0; |
| 68 | int start_found; | 67 | int start_found; |
| @@ -109,8 +108,7 @@ int btrfs_find_free_objectid(struct btrfs_trans_handle *trans, | |||
| 109 | if (start_found) { | 108 | if (start_found) { |
| 110 | if (last_ino < search_start) | 109 | if (last_ino < search_start) |
| 111 | last_ino = search_start; | 110 | last_ino = search_start; |
| 112 | hole_size = key.objectid - last_ino; | 111 | if (key.objectid > last_ino) { |
| 113 | if (hole_size > 0) { | ||
| 114 | *objectid = last_ino; | 112 | *objectid = last_ino; |
| 115 | goto found; | 113 | goto found; |
| 116 | } | 114 | } |